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CLAIMS 

The listing of claims below replaces all prior listings and versions. 

1. (Currently amended) A controlled multicast system, including an Ethernet switch and a 
multicast router, where the Ethernet switch connects with each [[host]] of a plurality of hosts in a 
downlink, connects with the multicast router in an uplink, the multicast router connects with a 
multicast router of other systems in the uplink, the Ethernet switch implementing multicast exchange 
of a layer 2, an IGMP V2 protocol is adopted as group management protocol between the Ethernet 
switch and the host; wherein the controlled multicast system further comprises: 

a portal server, connecting with the multicast router and providing an interface of user access 
authentication; and an authentication server, storing configuration of privilege for the host which 
wants to join in the multicast group; 

[[The]] the multicast router and the authentication server adopting a Client-server structure 
by which the authentication server authenticates identification of the host to join in a multicast group 
with information inputted through the interface provided by the portal server, and the multicast 
router records a User ID and a corresponding vlan ID corresponding to the User ID of the 
authenticated host and then distributes control commands according to results of the authentication 
to control multicast forwarding operations of the Ethernet switch. 

2. (Previously presented) The controlled multicast system according to claim 1 , a RADIUS+ 
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protocol extended from an RADIUS (Remote Authentication Dial In User Service) protocol is 
adopted as communication protocol between the multicast router and the authentication server. 

3 . (Previously presented) The controlled multicast system according to claim 1 , wherein the 
authentication server is an AAA (authorization and Authentication) server. 

4. (Previously presented) The controlled multicast system according to claim 1, wherein 
configuration of privilege comprises a corresponding relation between the User ID of the host and an 
address of multicast group in which the host wants to join; 

the information inputted through the interface provided by the portal server comprises the 
User ID and a password; 

each port through which the host is connected to the Ethernet switch is a vlan port; 

wherein the authentication server in the system further for, after receiving an extended 
RADIUS authentication message from the multicast router, of which attributes include the User ID 
as the user name and the address of multicast group in which the host wants to join, detecting 
whether to accept the host joining in the multicast group based on the configuration of privilege; 

responding with an acceptance message to the multicast router if the host has suitable 
privilege, otherwise returning a reject message; 

wherein the multicast router in the system further for, after receiving an IGMP 
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Membership Report message from the Ethernet switch, according to the vlan ID in the message, 
searching the corresponding User ID in a multicast access privilege table of the multicast router, and 
then sending the said extended RADIUS authentication message, to the authentication server; 

after receiving the acceptance message from the authentication server, writing the address of 
the multicast group in which the host can join into the said multicast access privilege table, and 
implementing a routine disposal on join messages of the host, then generating a Join message, which 
comprises the vlan ID corresponding to the port that links with the host which wants to join in the 
multicast group, the address of the multicast group that is applied for, and a Join command field, and 
then transmitting to the Ethernet switch; moreover, completing a routine processing of creating 
multicast forwarding tree on the IGMP Membership Report message; doing nothing after receiving 
the reject message; 

the Ethernet switch for, forwarding the IGMP Membership Report message from the host, 
wherein the IGMP Membership Report message forwarded to the multicast router port carries with 
the vlan ID of the host; 

after receiving the Join message from the multicast router, searching the MAC address 
corresponding to the address of the multicast group in the forwarding table; if the entry 
corresponding with the MAC address is found, obtaining the port number of the host via searching 
tin the forwarding table with the vlan ID in the Join message, and then adding the port number into 
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the said entry; if nothing is found, adding an entry in the forwarding table, which comprises the 
MAC address corresponding to the multicast address, the port number of the host which applies to 
join in the multicast group, and the port number of the multicast router connected with the Ethernet 
switch; 

after receiving a multicast flow from the multicast router, forwarding it to ports of the 
Ethernet switch with the current forwarding table. 

5. (Previously presented) The controlled multicast system according to claim 1 , wherein the 
multicast router in the system further for, after receiving an IGMP Leave message, extracting the 
vlan ID from the message, and obtaining corresponding entry in the multicast access privilege table 
via searching with the vlan ID, then deleting the address of the multicast group indicated by the 
IGMP Leave message in the entry; 

after completing a routine disposal on leave messages of the host, generating a Leave 
message and sending to the Ethernet switch, which includes the vlan ID of the host which wants to 
leave the multicast group, the address of multicast group where the host wants to leave and a Leave 
command field; 

the Ethernet switch further for, after receiving the Leave message from the multicast router, 
obtaining the entry through looking up the forwarding table with the MAC address corresponding to 
the multicast address of the multicast group, and getting the port number of the host with the vlan ID 
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in the Leave message, and then deleting the said port number from said entry. 

6. (Previously presented) The controlled multicast system according to claim 1, wherein the 
multicast router in the system further for, after knowing offline status of the host, actively generating 
the Leave message and sending to the Ethernet switch; moreover terminating the multicast flow 
transmission. 

7. (Previously presented) A method for implement a controlled multicast, comprising: 

A. in advance, according to ports of an Ethernet switch, classifying vlan with one vlan for each 
port, and linking one port to the host; 

making access authentication for a host which wants to join in a multicast group, if the authentication 
is successful, executing step B, otherwise ending; 

B. forwarding an IGMP Membership Report message from the host by the Ethernet switch; 

C. detecting whether to accept the host joining in the multicast group, if it is, generating a Join 
message to control establishing of an entry in a forwarding table of the Ethernet switch by a multicast 
router, and forwarding a multicast flow from the multicast router according to the current forwarding 
table by the Ethernet switch; otherwise ending. 

8. (Previously presented) The method for implementing a controlled multicast according to 
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claim 7, for the host which wants to leave the multicast group, the method further comprising, 
forwarding an IGMP Leave message from the host by the Ethernet switch; generating a Leave 
message to control deleting the entry of the host in the forwarding table after the multicast router 
receives the IGMP Leave message. 

9. (Previously presented) The method for implementing a controlled multicast according to 
claim 7, further comprising, actively generating the Leave message to control deleting the entry of 
the host in the forwarding table by the multicast router once knowing offline status of the host, and 
terminating the multicast flow transmission. 

10. (Previously presented) The method for implementing a controlled multicast according to 
claim 7, in step A, the said step of making access authentication for a host which wants to join in the 
multicast group comprises, in advance, storing configuration of privilege for hosts which want to 
join in the multicast group in an authentication server that connects with the multicast router, 
wherein the configuration of privilege includes a corresponding relation between a User ID of the 
host and an address of multicast group in which the host wants to join; 

inputting information including the User ID and a password through an interface provided by 
a portal server, and authenticating identification of the host with the information by the 
authentication server; 
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recording the User ID of the host and a corresponding vlan ID of the host in a multicast 
access privilege table by the multicast router after the authentication is successful; 
the step B further comprises, if the port corresponding to the destination MAC address in the IGMP 
Membership Report message is found in the forwarding table, forwarding to the found port, 
otherwise forwarding to all ports; wherein the IGMP Membership Report message forwarded to the 
multicast router port carries with vlan ID of the host; 

the step C further comprises, 

CI. after multicast router receives the IGMP Membership Report message, 
searching the User ID of the host in the multicast access privilege table based on the vlan ID in the 
IGMP Membership Report message; then sending an extended RADIUS authentication message 
which includes the User ID just found as the user name and the address of multicast group in which 
the host wants to join as the name and the address of multicast group in which the host wants to join 
as the attribute, to the authentication server; detecting whether to accept the host joining in the 
multicast group by the authentication server according to the configuration of privilege; 

if the host has suitable privilege, responding with an acceptance message to the 
multicast router by the authentication server, and then executing step C2, otherwise returning a reject 
message; the multicast router does nothing and ends after receiving the reject message; 

C2. after the multicast router receives the acceptance message, writing the address 
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of the multicast group in which the host can join into the said multicast access privilege table, and 
implementing a routine disposal on join messages of the host, then generating a Join message, which 
comprises the vlan ID corresponding to the port that links with the host which wants to join in the 
multicast group, the address of the multicast group that is applied for, and a Join command field, and 
then transmitting to the Ethernet switch; moreover, completing a routing processing of creating 
multicast forwarding tree on the IGMP Membership Report message; 

C3. searching the MAC address corresponding to the address of the multicast 
group in the forwarding table by the Ethernet switch; if the entry corresponding with the MAC 
address is found, obtaining the port number of the host via the vlan Id IN THE Join message, and 
then adding the port number into the said entry; if nothing is found, adding an entry in the forwarding 
table, which comprises the MAC address corresponding to the multicast address, the port number of 
the host which applies to join in the multicast group, and the port number o the multicast router 
connected with the Ethernet switch; 

C4. sending only one copy of the multicast flow to the Ethernet switch by the 
multicast router. 

1 1 . (Previously presented) The method for implementing a controlled multicast according to 
claim 8, the step of forwarding an IGMP Leave message from the host further comprises, forwarding 
the IGMP Leave message from the host based on the current forwarding table; wherein the IGMP 
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Leave message forwarded to the multicast router carries with the vlan ID of the host; 

the step of generating a Leave message to control deleting the entry of the host in the 
forwarding table further comprises, after the multicast router receives the IGMP Leave message, 
extracting the vlan ID from the message, and obtaining corresponding entry via searching in the 
multicast access privilege table with the vlan ID, then deleting the address of the multicast group 
indicated by the IGMP Leave message in the entry of the multicast access privilege table; completing 
a routine disposal on leave messages of the host, and then generating a Leave message and sending to 
the Ethernet switch, which includes the vlan ID of the host which wants to leave the group, the 
address of multicast group where the host wants to leave and a Leave command field; 

after the Ethernet switch receives the Leave message, obtaining the entry through looking up 
the forwarding table with the MAC address corresponding to the multicast address of the multicast 
group, and getting the port number of the host with the vlan ID in the Leave message, and then 
deleting the said port number from the said entry. 

12. (Previously presented) The method for implementing a controlled multicast according to 
Claim 1 1, the step of generating a Leave message to control deleting the entry of the host in the 
forwarding table further comprises, if the deleted port is the solely port of the said entry in the 
forwarding table, further deleting the whole entry. 
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13. (Previously presented) The method for implementing a controlled multicast according to 
Claim 7 during the messages forwarding, adopting a vlan protocol between the multicast router port 
and the Ethernet switch. 

14. (Previously presented) The method for implementing a controlled multicast according to 
claim 7, the method further comprises, filtering data messages send by a multicast sender with a 
multicast Access Control List (ACL) through the first receiver among the multicast routers, and 
forwarding the data messages that satisfy the requirements in the ACL to the multicast tree. 

15. (Previously presented) The method for implementing a controlled multicast according to 
claim 14, wherein the multicast ACL comprises a command word, a source address and a group 
address. 

16. (Previously presented) The method for implementing a controlled multicast according to 
claim 14, wherein the multicast ACL is distributed to each multicast router by a centralized multicast 
service control server; meanwhile the multicast service control server is also acts as the 
authentication server. 

17. (Previously presented) The method for implementing a controlled multicast according to 
claim 14, wherein the multicast ACL can also be distributed by a centralized policy server or a 
network manager. 
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